Interesting article, and worth bearing in mind. But also important to remember this isn't the security model Signal is (or can) defend against. https://www.forbes.com/sites/thomasbrewster/2021/02/08/can-the-fbi-can-hack-into-private-signal-messages-on-a-locked-iphone-evidence-indicates-yes/?sh=4e0ce7366624
Can The FBI Hack Into Private Signal Messages On A Locked iPhone? Evidence Indicates Yes

Signal is one of the most secure apps in the world. But if FBI agents have access to a device, they can still access supposedly-encrypted messages, even on a locked iPhone.

https://www.forbes.com/sites/thomasbrewster/2021/02/08/can-the-fbi-can-hack-into-private-signal-messages-on-a-locked-iphone-evidence-indicates-yes/?sh=4e0ce7366624
A lot of folks railing against Signal these days, but most of the time it seems to be a disconnect between what folks unreasonably expect Signal to do (i.e. magic security sprinkle dust) versus what it actually claims to do (and mostly does a pretty good job of).
"Security" is not a simple attribute of a thing. Nothing is "secure" per se; it is "secure against Y threat". The threat vector Signal primarily tackles--and does pretty well---is defending against hackers and governments reading your phone messages as they traverse the Internet.
Other threats, such as people breaking directly into your device, require other approaches. And sometimes those approaches must be defended by other people. For example, Signal is an app. It *cannot* defend in general against a fully compromised device.
This is the essence of threat modelling: what are the threats, and what can be done to address them. And in some cases the answer is "we have to depend on someone elsewhere in the stack of technologies to defend this attack surface, it's not possible for the app to defend it"
It's not a bug in Signal that it can't defend against malware or breaking into your device. Overplaying those "bugs" is problematic if folks hear it and move to other apps that *also* don't defend these problems, while also not doing Signal's core thing as well as it does
There's also this perverse cycle that *because* Signal is one of the best at what it does, it gets a lot more attention for alleged failings.

Simple example: contrast stories of "SMS is horrific" (never) vs "Signal does not protect against [thing it doesn't claim to defend]"
Anyway, not railing on this article in particular. Just noting that Signal is getting a lot of misdirected negative attention these days for failing to protect against things that don't match its actual threat model.
You can follow @pwnallthethings.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.